A judicial branch agency tasked with supporting federal courts announced Thursday the federal judiciary’s electronic case filing system has faced escalating cyberattacks, prompting efforts to enhance security.
The Administrative Office of the U.S. Courts, which manages the system, said in a news release a series of “sophisticated and persistent” attacks have led to increased efforts to strengthen protections for sensitive case documents and block future attacks.
The agency noted the “vast majority” of documents filed with the system are not confidential, but some filings contain important information sealed from public view.
“These sensitive documents can be targets of interest to a range of threat actors,” the release reads. “To better protect them, courts have been implementing more rigorous procedures to restrict access to sensitive documents under carefully controlled and monitored circumstances.”
The announcement follows a Politico story on Wednesday that revealed the sweeping breaches, which it said are believed to have exposed sensitive court data across several states. The hack could have compromised the identities of confidential informants involved in criminal cases at several district courts, Politico reported, citing two anonymous sources.
Other court documents often filed under seal include arrest and search warrants as well as indictments that might include nonpublic information about alleged crimes.
The breaches affected the federal judiciary’s core system, according to Politico. It includes two components: Case Management/Electronic Case Files, or CM/ECF, which is used by legal professionals to upload court filings; and PACER, which lets the public have limited access to that data.
In June, Judge Michael Scudder of the U.S. Court of Appeals for the 7th Circuit, who chairs the Judicial Conference’s committee on information technology, told the House Judiciary Committee that CM/ECF and PACER are “outdated, unsustainable due to cyber risks, and require replacement.”
“Intensive efforts to modernize these systems are underway,” he said.
At the time, he said the judiciary planned to roll out improved systems on an “incremental basis” — in waves, as opposed to all at once after a new system has been fully developed.
The Administrative Office of the U.S. Courts determined the severity of the issue around July 4 but is still assessing the incident’s scope, Politico reported. In its statement, the office said it is collaborating with Congress, the Justice Department, the Department of Homeland Security and other partners to mitigate the risks and impacts of the attacks.
“In tackling cybersecurity threats, the Judiciary embraces its security obligations and remains committed to leveraging all available resources to include collaboration with law enforcement, national security and cybersecurity organizations, and other information sharing entities,” the statement reads.
